Overview

File _patchinfo of Package patchinfo.8397

<patchinfo incident="8397">
  <issue tracker="bnc" id="1070263">VUL-0: CVE-2017-17042: rubygem-yard: lib/yard/core_ext/file.rb does not block relative paths with an initial ../ sequence, which allows directory traversal attacks</issue>
  <issue tracker="cve" id="2017-17042"/>
  <category>security</category>
  <rating>important</rating>
  <packager>jordimassaguerpla</packager>
  <description>This update for rubygem-yard fixes the following issues:

- CVE-2017-17042: The server in YARD did not block relative paths with an
  initial ../ sequence, which allowed attackers to conduct directory traversal
  attacks and read arbitrary files (bsc#1070263).

This update was imported from the SUSE:SLE-12-SP1:Update update project.</description>
  <summary>Security update for rubygem-yard</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places